> From: "Shyh-Wei Luan" <[EMAIL PROTECTED]>
> To: [EMAIL PROTECTED]
>
> >> How can I create and maintain the key file for the application server?
>
> > Any way you want. "cat >key" even, though you probably shouldn't use
> > such a restricted key.
>
> Doesn't the key file have some format? For file servers, the command
> for adding a key is "bos addkey". What command do I use to create a
> key file or to add a key to the key file for *application servers*?
>
You don't want to use a key file. Ick. Not unless you
enjoy pretending 8 byte numbers are ascii text strings.
You want to use a srvtab instead. They're easier to maintain,
have a standard format, and are more flexible.
You can use "ksrvutil" to create a srvtab. To use it, you'll
most probably need to find a copy of the MIT kerberos libraries,
and make the appropriate modifications for AFS. You may as
well get it anyways if you plan to do other stuff with kerberos.
Source to a copy of ksrvutil can be found in the directory
/afs/umich.edu/user/m/d/mdw/src/ksrvutil/
there are no doubt better locations - this is happens
to be the source that I compiled and use.
You can use "klist" to list the principals in a srvtab.
Even the standard MIT version will list it out just fine
(string to key differences won't matter there.) The
"-srvtab" flag must be specified to make this happen.
You can use srvtab's with ordinary MIT code, or you can use
it with RX. "Working" sample code for an RX based server that uses
rxkad with a srvtab to implement security for a simple threaded
database, can be found in:
/afs/umich.edu/group/itd/ftp/sysadm/perfmon/orsrc.Z
(tar'd, compressed)
Note, as always, distributed "as is, no documentation, no support".
-Marcus Watts
UM ITD RS Umich Systems Group
